summaryrefslogtreecommitdiffstats
path: root/include/openid.php
diff options
context:
space:
mode:
authorArun Persaud <arun@nubati.net>2016-04-10 11:42:28 -0700
committerArun Persaud <arun@nubati.net>2016-04-10 11:42:28 -0700
commitfca4b445ba9fd3ca6abdd7c08a59e25b817c537b (patch)
treeeb478659b6c6da709be1940a950834970e22b940 /include/openid.php
parentecabf718a77ca979d16ef9d55f8db962fd3e814b (diff)
downloade-DoKo-fca4b445ba9fd3ca6abdd7c08a59e25b817c537b.tar.gz
e-DoKo-fca4b445ba9fd3ca6abdd7c08a59e25b817c537b.tar.bz2
e-DoKo-fca4b445ba9fd3ca6abdd7c08a59e25b817c537b.zip
BUGFIX: fix password for password recovery (was not random enough)
The password was just a constant string, the email, and the current time. Therefore, someone could just request a new password and even without getting the email, just try out different time stamps around the time the person requested the email and recover the temporary password. Added a random string to generate the password, which should fix this.
Diffstat (limited to 'include/openid.php')
0 files changed, 0 insertions, 0 deletions